Everyone that manages security reports for Open Source projects have been getting a higher workload because of AI. Both real reports and just slop - reports including vulnerabilities in code that doesn't exist. For some, this is becoming a denial of service attack, with developers having to spend valuable, and in some cases unpaid, time to sort out what's real and may be a vulnerability.

Jarek Potiuk, member of The Apache Software Foundation will talk about this on the GVIP Summit Wednesday Jan 28th in Brussels. We still have a few seats available - but hurry up to register!

https://www.gvip-project.org

#NVD #CVE #EUVD #EUCRA #CRA

Before you know it, it’ll be time for EU Open Source Week and #FOSDEM in Brussels!

We’re planning on being at many events that week (more details soon). A few to put in your calendar now:

a) 28 Jan 2026: The 1st #GVIP Summit on #vulnerabilitymanagement, existing & future systems, from the new #EUVD to the #CVE program and other platforms. Registration: https://www.gvip-project.org/

b) 31 Jan 2026: Funding the FOSS Ecosystem Devroom
https://fosdem.org/2026/schedule/track/funding-the-foss-ecosystem/

Looking forward to seeing you there!

As #US #vulnerability-tracking falters, #EU enters with its own #security bug database
The European Vulnerability Database ( #EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems. The EUVD is similar to the US government's National Vulnerability Database ( #NVD).
https://www.theregister.com/2025/05/13/eu_security_bug_database/ #CISA